Network Policy Server
Network Policy Server is Microsofts implementation of Remote Authentication Dial-in User Service (RADIUS) Server and Proxy in Windows Server 2008, and replacement for Internet Authentication Service in Server 2003. NPS allows you to centrally configure and manage network access authentication, authorization, and client health policies with the following features:
Performs centralized authentication, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network connection,and for connections to computers running Terminal Services Gateway. When you use NPS as a RADIUS server, you configure network access servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. You also configure network policies that NPS uses to authorize connection requests.To deploy NPS with TS Gateway,you must deploy TS Gateway on the local or a remote computer that is running Windows Server 2008.To deploy NPS with Routing and Remote Access configured as a VPN server,a member of a VPN site-to-site configuration, or a dial-up server, you must deploy Routing and Remote Access on the local or a remote computer that is running Windows Server 2008.
When you use NPS as a RADIUS proxy, you can configure connection request policies that tell the NPS server which connection requests to forward to other RADIUS servers and to which RADIUS servers you want to forward connection requests.
Network Access Protection (NAP) policy server:
When configured as a NAP policy server, NPS evaluates statements of health sent by NAP-capable client computers that want to connect to the network.It also acts as a RADIUS server when configured with NAP, performing authentication and authorization for connection requests. You can configure NAP policies and settings including system health validators, health policy, and remediation server groups.Installation of the Network Policy and Access Services role installs the Network Policy Server component and the RADIUS role
You can configure 802.1X-based connection request policies for 802.3 wired client Ethernet network access. You can also configure 802.1X-compliant switches as RADIUS clients in NPS, and use NPS as a RADIUS server to process connection requests, authentication, authorization, and accounting for 802.3 Ethernet connections.
You can configure 802.1X-based connection request policies for 802.11 wireless client network access. You can also configure wireless access points as RADIUS clients in NPS, and use NPS as a RADIUS server to process connection requests, perform authentication, authorization, and accounting for 802.11 wireless connections. You can integrate 802.11 wireless access with NAP when deploying a wireless 802.1X infrastructure so that wireless clients is verified against health policys before they are allowed to connect to the network.
You can also use NPS to deploy secure password authentication with Protected Extensible Authentication Protocol (PEAP)-MS-CHAP v2 for wireless connections.To deploy NPS with secure 802.1X wired or wireless access, you must enroll a server certificate to the server running NPS using Active Directory Certificate Services or a public certification authority. To deploy EAP-TLS or PEAP-TLS, you must also enroll computer or user certificates,that requires you to design and deploy a public key infrastructure using AD CS.